logoWordPressPluginsThemesAPISubmitContact
search-icon
logo
search-icon
WordPressPluginsThemesAPISubmitContactSecurity Scanner
Register

NextGen Gallery < 3.5.0 - CSRF allows File Upload

Description

It was possible to bypass the "validate_ajax_request" function used to control access to ajax functions by sending a request without a nonce parameter. This could be used to upload arbitrary code to an image file. Although the uploaded file must be a valid image, it is possible to include PHP code in a valid image, which would be executed if included using the vulnerability in CVE-2020-35942

Affects Plugins

nextgen-gallery

Fixed in version 3.5.0

References

CVE

CVE-2020-35943

URL

https://www.wordfence.com/blog/2021/02/severe-vulnerabilities-patched-in-nextgen-gallery-affect-over-800000-wordpress-sites/

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CWE-352

Miscellaneous

Original Researcher

Ramuel Gall

Submitter

Ramuel Gall

Submitter twitter

ramuelgall

Verified

No

WPVDB ID

7e1f1083-4c41-41c8-bbf0-640484384196

Timeline

Publicly Published

2021-02-08 (about 2 months ago)

Added

2021-02-08 (about 2 months ago)

Last Updated

2021-02-09 (about 2 months ago)

Our Other Services

WPScan WordPress Security Plugin